Security incident response refers to the response of an information technology (IT) organization or system to malicious or suspicious behavior in an IT environment.
In a highly dynamic environment such as a public cloud, the ease of obtaining virtual resources increases the opportunity for attack and may require shutting down affected resources. In this environment, companies are typically concerned with malicious traffic coming into their network. Accordingly, intrusion protection systems (IPS) and intrusion detection systems (IDS) are built and tuned to look for malicious inbound traffic. In a public cloud environment, cloud service providers (CSPs) are concerned that the virtual resources provisioned by their clients are not engaging in malicious behavior. This malicious behavior may be intentional (for example, a user signs up for a free trial VM instance on which to run an attack) or unintentional (for example, a user does not adequately protect their internet-facing virtual instance and is unwillingly hacked or compromised). In these cases, because the source of the attack or bad behavior is within the CSP's environment, the first indication of a compromise is likely to be suspicious outbound traffic.
Reputational schemes are known. For example, many auto insurance programs provide discounts to users who have proven to be safe (accident and claim free) over a period of time. A methodology referred to as the value measuring methodology provides a framework within which planners balance tangible and intangible values for making decisions and monitoring benefits.